Ransomware recovery costs more than double in one year, now averaging $1.85 million
A new report from cybersecurity firm Sophos finds that ransomware recovery costs have skyrocketed over the past year, with the average incident now costing $1.85 million in total. That is more than double the 2020 average of $761,000.
Paying the ransom does not spare organizations a costly cleanup either: only 8% of those who paid recovered all of their data, and 29% got back no more than half. With total recovery costs now averaging roughly ten times the typical ransom payment, the bulk of the expense of a ransomware breach is incurred whether or not the victim pays.
Ransomware recovery costs tend to rise as attention shifts to the ‘bigger fish’
The Sophos survey polled 5,400 IT decision-makers in 30 countries, with roughly 100 to 300 respondents per country, and covered a wide range of company sizes (100 to more than 5,000 employees) and industries, from IT to local government.
37% of these organizations were hit by ransomware in 2020, and 54% of those attacks succeeded in encrypting data. The average ransom paid was $170,404, against an average total recovery cost of $1.85 million. Organizations that paid the ransom got back, on average, only 65% of their data, and 29% of them recovered no more than half. The cost disparity is even more striking on closer inspection: the average ransom was skewed upward by a handful of very large payments, including two organizations that each paid around $3.2 million, while the typical payment was closer to $10,000. Yet those smaller payers still faced very high recovery costs and struggled to restore their data.
Several factors lie behind the increase in recovery costs. Extortion-only attacks, in which data is stolen and held to ransom without being encrypted, remain a small share of incidents but are on the rise (up four percentage points from last year). Ransomware groups have also become more selective about their targets, favoring large organizations that they judge to have the greatest need to restore operations and the greatest ability to pay. The share of respondents hit by ransomware actually fell from last year (down 14 percentage points), yet costs doubled. Sophos attributes this to more selective and sophisticated attacks, mostly hands-on-keyboard intrusions by human operators rather than automated, self-spreading malware. The respondent data supports this: 42% of organizations with more than 1,000 employees reported an attack, compared with 33% of those with 100 to 1,000 employees.
India takes the lead in ransomware attacks
The report also identifies emerging geographic patterns. India currently suffers the most ransomware attacks, and Sophos notes that one of the main drivers is domestic criminal actors attacking targets within the country. Austria is second and the United States third, with just over half of American respondents reporting a ransomware attack in 2020. The report observes that Japan has an unusually low rate of attacks for a prosperous, developed economy, which it tentatively attributes to the language barrier facing attackers. In general, developed Western economies are the most frequently targeted and also face the highest average demands ($214,096).
Recovery costs also vary widely by geography. Austria, the second most frequently attacked country, also led the pack in average recovery cost at $7.75 million. Belgium, Singapore and India all had average recovery costs above $3 million. The other countries above the global average were the Netherlands, the United States, Mexico, the United Kingdom, Canada and Australia. About a dozen countries reported average recovery costs below $1 million, down to a low of $370,000 in the Czech Republic. The report notes that remediation costs tend to correlate with average national wages.
The sectors hit hardest were retail, education, and business and professional services. Although healthcare made headlines throughout 2020 for serious ransomware incidents, it was actually in the middle of the pack in terms of global incident rates. It was, however, among the industries least able to stop data encryption once attacked (along with energy utilities and local government). Media and entertainment, transportation and manufacturing were the industries most often able to block encryption attempts.
Organizations taking action still believe ransomware attacks are inevitable
Of the organizations that escaped a major ransomware attack last year, 40% believed it was only a matter of time before they were hit. 32% said they had seen an increase in attempts, and 37% knew of other organizations in their industry that had been targeted. 22% admitted to gaps in their security, while 60% said they had trained IT security staff they were confident could stop an attack. In addition, 52% had invested in anti-ransomware technology, 37% had offline (air-gapped) backups, and 32% carried ransomware insurance. 90% said they had some form of malware incident response plan, with 51% describing their plan as "comprehensive and detailed". Somewhat alarmingly, local and central government bodies were the groups least likely to have a malware recovery plan in place.
The Sophos report closes with a series of recommendations drawn from this data. Chief among them is not to pay the ransom: the chances of a full data recovery are low, and because the ransom comes on top of downtime, rebuilding and investigation costs rather than replacing them, paying does little to reduce the overall cost of recovery. Far more valuable are layered defenses to keep attackers out in the first place, a backup set kept offline so that it cannot be encrypted or deleted along with the production systems it is meant to restore, and a tested malware incident recovery plan.